- Optimism reverted to permissioned fraud proofs due to vulnerabilities found in audits.
- A hard fork named "Granite" is scheduled for September 10 to update the Optimism network.
Optimism has reverted its network to a permissioned state after community-driven audits identified several bugs in its recently launched permissionless fraud proof system, including two high-severity issues.
The Optimism Foundation announced the rollback on X, stating that the move was made “out of an abundance of caution” to avoid potential instability while the vulnerabilities are patched.
In March, Optimism commenced trials for its fault proof system on Ethereum’s Sepolia test network to boost security and decentralization and address criticism over previous vulnerabilities.
The decision comes just over two months after the network implemented permissionless fraud proofs on June 10, followed by its token unlock event. This enhanced the network and allowed ether and ERC-20 token withdrawals, a milestone that allowed it to reach Stage 1 decentralization as outlined by Ethereum co-founder Vitalik Buterin.
Mofi Taiwo, a protocol engineer representing Optimism contributor OP Labs, submitted a proposal to the network’s governance forum detailing the reasons for activating the fallback system. The post emphasized that no vulnerabilities had been exploited and user assets were never at risk.
“While the auditors did discover some high severity issues, no user assets were ever at risk. All of the audit issues listed below can be detected by our monitoring tooling,” Taiwo stated in the proposal.
The identified vulnerabilities primarily affect contracts related to the fraud proof system that fell outside Optimism’s audit scope. These contracts were categorized as posing liveness and reputational risks, which did not require formal audits according to the project’s guidelines.
To address the issues, Taiwo proposed an upgrade dubbed “Granite” scheduled for September 10 at 16:00:01 UTC. The upgrade will involve several updates to the network, including an L2 hard fork. While the hard fork has not undergone a formal audit, OP Labs conducted an internal security review and deemed the changes low-risk.